ThinkPad Owners Should Patch This Flaw Now

  • MORE

Lenovo has released a fix for a flaw for fingerprint reader software on older ThinkPad, ThinkCentre and ThinkStation machines. 

ahr0chm6ly93d3cubgfwdg9wbwfnlmnvbs9pbwfnzxmvdxbsb2fkcy81mjq0l2cvbgvub3zvlxroaw5rcgfklxa1ms0wmdmuanbn

The flaw in Lenovo's Fingerprint Manager Pro enabled attackers to log into devices running Windows 7, 8 and 8.1, and let anyone log into your PC with a hardcoded password, skipping the fingerprint reader altogether. Both would require physical access to your PC.

"A vulnerability has been identified in Lenovo Fingerprint Manager Pro," Lenovo wrote on its support page. "Sensitive data stored by Lenovo Fingerprint Manager Pro, including users' Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the system it is installed in."

Machines that have been updated to, or shipped with, Windows 10 are not affected. Those machines use Microsoft's own fingerprint-reading software.

Lenovo has already patched the issue, and you can download the fix here.

Those with the following systems should download the patch, especially if they use Fingerprint Manager Pro, as soon as possible if they are not running Windows 10.

  • ThinkPad L560
  • ThinkPad P40 Yoga, P50s
  • ThinkPad T440, T440p, T440s, T450, T450s, T460, T540p, T550, T560
  • ThinkPad W540, W541, W550s
  • ThinkPad X1 Carbon (Type 20A7, 20A8), X1 Carbon (Type 20BS, 20BT)
  • ThinkPad X240, X240s, X250, X260
  • ThinkPad Yoga 14 (20FY), Yoga 460
  • ThinkCentre M73, M73z, M78, M79, M83, M93, M93p, M93z
  • ThinkStation E32, P300, P500, P700, P900

Author Bio
Andrew E. Freedman
Andrew E. Freedman,
Andrew joined Laptopmag.com in 2015, reviewing computers and keeping up with the latest news. He holds a M.S. in Journalism (Digital Media) from Columbia University. A lover of all things gaming and tech, his previous work has shown up in Kotaku, PCMag and Complex, among others. Follow him on Twitter @FreedmanAE.
Andrew E. Freedman, on
Add a comment